Attachment #53483 for bug #82372

Lines 139-144 Link Here

(-)openssh-4.0p1/servconf.c (+90 lines)
139	options->va.responder_url = NULL;	139	options->va.responder_url = NULL;
140	#endif /def SSH_OCSP_ENABLED/	140	#endif /def SSH_OCSP_ENABLED/
141		141
		142	options->log_sftp = LOG_SFTP_NOT_SET;
		143	options->sftp_log_facility = SYSLOG_FACILITY_NOT_SET;
		144	options->sftp_log_level = SYSLOG_LEVEL_NOT_SET;
		145
		146	memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH);
		147
		148	options->sftp_permit_chmod = SFTP_PERMIT_NOT_SET;
		149	options->sftp_permit_chown = SFTP_PERMIT_NOT_SET;
		150
142	/* Needs to be accessable in many places */	151	/* Needs to be accessable in many places */
143	use_privsep = -1;	152	use_privsep = -1;
144	}	153	}
Lines 288-293 Link Here
288	ssh_set_validator(&options->va);	297	ssh_set_validator(&options->va);
289	#endif /def SSH_OCSP_ENABLED/	298	#endif /def SSH_OCSP_ENABLED/
290		299
		300	/* Turn sftp-server logging off by default */
		301	if (options->log_sftp == LOG_SFTP_NOT_SET)
		302	options->log_sftp = LOG_SFTP_NO;
		303	if (options->sftp_log_facility == SYSLOG_FACILITY_NOT_SET)
		304	options->sftp_log_facility = SYSLOG_FACILITY_AUTH;
		305	if (options->sftp_log_level == SYSLOG_LEVEL_NOT_SET)
		306	options->sftp_log_level = SYSLOG_LEVEL_INFO;
		307
		308	/* Don't set sftp-server umask */
		309	if (!options->sftp_umask)
		310	memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH);
		311
		312	/* allow sftp client to issue chmod, chown / chgrp commands */
		313	if (options->sftp_permit_chmod == SFTP_PERMIT_NOT_SET)
		314	options->sftp_permit_chmod = SFTP_PERMIT_YES;
		315	if (options->sftp_permit_chown == SFTP_PERMIT_NOT_SET)
		316	options->sftp_permit_chown = SFTP_PERMIT_YES;
		317
291	/* Turn privilege separation on by default */	318	/* Turn privilege separation on by default */
292	if (use_privsep == -1)	319	if (use_privsep == -1)
293	use_privsep = 1;	320	use_privsep = 1;
Lines 308-313 Link Here
308	/* Portable-specific options */	335	/* Portable-specific options */
309	sUsePAM,	336	sUsePAM,
310	/* Standard Options */	337	/* Standard Options */
		338	sLogSftp, sSftpLogFacility, sSftpLogLevel,
		339	sSftpUmask,
		340	sSftpPermitChown, sSftpPermitChmod,
311	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,	341	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
312	sPermitRootLogin, sLogFacility, sLogLevel,	342	sPermitRootLogin, sLogFacility, sLogLevel,
313	sRhostsRSAAuthentication, sRSAAuthentication,	343	sRhostsRSAAuthentication, sRSAAuthentication,
Lines 406-411 Link Here
406	{ "printmotd", sPrintMotd },	436	{ "printmotd", sPrintMotd },
407	{ "printlastlog", sPrintLastLog },	437	{ "printlastlog", sPrintLastLog },
408	{ "ignorerhosts", sIgnoreRhosts },	438	{ "ignorerhosts", sIgnoreRhosts },
		439	{ "logsftp", sLogSftp},
		440	{ "sftplogfacility", sSftpLogFacility},
		441	{ "sftploglevel", sSftpLogLevel},
		442	{ "sftpumask", sSftpUmask},
		443	{ "sftppermitchmod", sSftpPermitChmod},
		444	{ "sftppermitchown", sSftpPermitChown},
409	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },	445	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
410	{ "x11forwarding", sX11Forwarding },	446	{ "x11forwarding", sX11Forwarding },
411	{ "x11displayoffset", sX11DisplayOffset },	447	{ "x11displayoffset", sX11DisplayOffset },
Lines 522-527 Link Here
522	int *intptr, value, i, n;	558	int *intptr, value, i, n;
523	ServerOpCodes opcode;	559	ServerOpCodes opcode;
524	u_short port;	560	u_short port;
		561	unsigned int umaskvalue = 0;
		562	char *umaskptr;
525		563
526	cp = line;	564	cp = line;
527	arg = strdelim(&cp);	565	arg = strdelim(&cp);
Lines 983-988 Link Here
983	case sBanner:	1021	case sBanner:
984	charptr = &options->banner;	1022	charptr = &options->banner;
985	goto parse_filename;	1023	goto parse_filename;
		1024
		1025	case sLogSftp:
		1026	intptr = &options->log_sftp;
		1027	goto parse_flag;
		1028
		1029	case sSftpLogFacility:
		1030	intptr = (int *) &options->sftp_log_facility;
		1031	arg = strdelim(&cp);
		1032	value = log_facility_number(arg);
		1033	if (value == SYSLOG_FACILITY_NOT_SET)
		1034	fatal("%.200s line %d: unsupported log facility '%s'",
		1035	filename, linenum, arg ? arg : "<NONE>");
		1036	if (*intptr == -1)
		1037	*intptr = (SyslogFacility) value;
		1038	break;
		1039
		1040	case sSftpLogLevel:
		1041	intptr = (int *) &options->sftp_log_level;
		1042	arg = strdelim(&cp);
		1043	value = log_level_number(arg);
		1044	if (value == SYSLOG_LEVEL_NOT_SET)
		1045	fatal("%.200s line %d: unsupported log level '%s'",
		1046	filename, linenum, arg ? arg : "<NONE>");
		1047	if (*intptr == -1)
		1048	*intptr = (LogLevel) value;
		1049	break;
		1050
		1051	case sSftpUmask:
		1052	arg = strdelim(&cp);
		1053	umaskptr = arg;
		1054	while (arg && arg && arg >= '0' && *arg <= '9')
		1055	umaskvalue = umaskvalue * 8 + *arg++ - '0';
		1056	if (!arg \|\| *arg \|\| umaskvalue > 0777)
		1057	fatal("%s line %d: bad value for sSftpUmask",
		1058	filename, linenum);
		1059	else {
		1060	while (umaskptr && umaskptr == '0')
		1061	*umaskptr++;
		1062	strncpy(options->sftp_umask, umaskptr,
		1063	SFTP_UMASK_LENGTH);
		1064	}
		1065
		1066	break;
		1067
		1068	case sSftpPermitChmod:
		1069	intptr = &options->sftp_permit_chmod;
		1070	goto parse_flag;
		1071
		1072	case sSftpPermitChown:
		1073	intptr = &options->sftp_permit_chown;
		1074	goto parse_flag;
		1075
986	/*	1076	/*
987	* These options can contain %X options expanded at	1077	* These options can contain %X options expanded at
988	* connect time, so that you can specify paths like:	1078	* connect time, so that you can specify paths like:

Lines 44-49 Link Here

(-)openssh-4.0p1/servconf.h (+19 lines)
44		44
45	#define MAX_PORTS 256 /* Max # ports. */	45	#define MAX_PORTS 256 /* Max # ports. */
46		46
		47	/* sftp-server logging */
		48	#define LOG_SFTP_NOT_SET -1
		49	#define LOG_SFTP_NO 0
		50	#define LOG_SFTP_YES 1
		51
		52	/* sftp-server umask control */
		53	#define SFTP_UMASK_LENGTH 5
		54
		55	/* sftp-server client priviledge */
		56	#define SFTP_PERMIT_NOT_SET -1
		57	#define SFTP_PERMIT_NO 0
		58	#define SFTP_PERMIT_YES 1
		59
47	#define MAX_ALLOW_USERS 256 /* Max # users on allow list. */	60	#define MAX_ALLOW_USERS 256 /* Max # users on allow list. */
48	#define MAX_DENY_USERS 256 /* Max # users on deny list. */	61	#define MAX_DENY_USERS 256 /* Max # users on deny list. */
49	#define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */	62	#define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */
Lines 123-128 Link Here
123	int use_login; /* If true, login(1) is used */	136	int use_login; /* If true, login(1) is used */
124	int compression; /* If true, compression is allowed */	137	int compression; /* If true, compression is allowed */
125	int allow_tcp_forwarding;	138	int allow_tcp_forwarding;
		139	int log_sftp; /* perform sftp-server logging */
		140	SyslogFacility sftp_log_facility; /* Facility for sftp subsystem logging. */
		141	LogLevel sftp_log_level; /* Level for sftp subsystem logging. */
		142	char sftp_umask[SFTP_UMASK_LENGTH]; /* Sftp Umask */
		143	int sftp_permit_chmod;
		144	int sftp_permit_chown;
126	u_int num_allow_users;	145	u_int num_allow_users;
127	char *allow_users[MAX_ALLOW_USERS];	146	char *allow_users[MAX_ALLOW_USERS];
128	u_int num_deny_users;	147	u_int num_deny_users;

Lines 112-117 Link Here

(-)openssh-4.0p1/session.c (+70 lines)
112		112
113	static int is_child = 0;	113	static int is_child = 0;
114		114
		115	/* so SFTP_LOG_FACILITY and SFTP_LOG_LEVEL can be passed through the
		116	environment to the sftp-server subsystem. */
		117	static const char *sysfac_to_int[] = { "0", "1", "2", "3", "4", "5", "6",
		118	"7", "8", "9", "10", "11", "-1" };
		119	static const char *syslevel_to_int[] = { "0", "1", "2", "3", "4", "5", "6",
		120	"7", "-1" };
		121
		122	static char *sftpumask;
		123
115	/* Name and directory of socket for authentication agent forwarding. */	124	/* Name and directory of socket for authentication agent forwarding. */
116	static char *auth_sock_name = NULL;	125	static char *auth_sock_name = NULL;
117	static char *auth_sock_dir = NULL;	126	static char *auth_sock_dir = NULL;
Lines 1142-1147 Link Here
1142	child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,	1152	child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
1143	auth_sock_name);	1153	auth_sock_name);
1144		1154
		1155	/* LOG_SFTP */
		1156	if (options.log_sftp == -1 )
		1157	child_set_env(&env, &envsize, "LOG_SFTP", "-1");
		1158	else if (options.log_sftp == 0)
		1159	child_set_env(&env, &envsize, "LOG_SFTP", "0");
		1160	else
		1161	child_set_env(&env, &envsize, "LOG_SFTP", "1");
		1162
		1163	/* SFTP_LOG_FACILITY */
		1164	if (options.sftp_log_facility < 0)
		1165	child_set_env(&env, &envsize, "SFTP_LOG_FACILITY",
		1166	"-1");
		1167	else
		1168	child_set_env(&env, &envsize, "SFTP_LOG_FACILITY",
		1169	sysfac_to_int[options.sftp_log_facility]);
		1170
		1171	/* SFTP_LOG_LEVEL */
		1172	if (options.sftp_log_level < 0)
		1173	child_set_env(&env, &envsize, "SFTP_LOG_LEVEL",
		1174	"-1");
		1175	else
		1176	child_set_env(&env, &envsize, "SFTP_LOG_LEVEL",
		1177	syslevel_to_int[options.sftp_log_level]);
		1178
		1179	/* SFTP_UMASK */
		1180
		1181	if (options.sftp_umask[0] == '\0')
		1182	child_set_env(&env, &envsize, "SFTP_UMASK",
		1183	"" );
		1184	else {
		1185	if (!(sftpumask = calloc(SFTP_UMASK_LENGTH,1))) {
		1186
		1187	logit("session.c: unabled to allocate memory for SftpUmask. SftpUmask control \
		1188	will be turned off.");
		1189
		1190	child_set_env(&env, &envsize, "SFTP_UMASK",
		1191	"" );
		1192	} else {
		1193	strncpy(sftpumask, options.sftp_umask,
		1194	SFTP_UMASK_LENGTH);
		1195	child_set_env(&env, &envsize, "SFTP_UMASK",
		1196	sftpumask );
		1197	}
		1198	}
		1199
		1200	/* SFTP_PERMIT_CHMOD */
		1201	if (options.sftp_permit_chmod == -1 )
		1202	child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "-1");
		1203	else if (options.sftp_permit_chmod == 0)
		1204	child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "0");
		1205	else
		1206	child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "1");
		1207
		1208	/* SFTP_PERMIT_CHOWN */
		1209	if (options.sftp_permit_chown == -1 )
		1210	child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "-1");
		1211	else if (options.sftp_permit_chown == 0)
		1212	child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "0");
		1213	else
		1214	child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "1");
		1215
1145	/* read $HOME/.ssh/environment. */	1216	/* read $HOME/.ssh/environment. */
1146	if (options.permit_user_env && !options.use_login) {	1217	if (options.permit_user_env && !options.use_login) {
1147	snprintf(buf, sizeof buf, "%.200s/.ssh/environment",	1218	snprintf(buf, sizeof buf, "%.200s/.ssh/environment",




option.
See
.Xr sshd_config 5
for more information. Sftp-server transactions may be logged
using the
.Cm LogSftp ,
.Cm SftpLogFacility ,
and
.Cm SftpLogLevel
options. The administrator may exert control over the file and directory
permission and ownership, with
.Cm SftpUmask ,
.Cm SftpPermitChmod ,
and
.Cm SftpPermitChown
. See
.Xr sshd_config 5
for more information.
.Sh SEE ALSO
.Xr sftp 1 ,
.Xr ssh 1 ,
.Xr sshd_config 5 ,
.Xr sshd 8,
.Xr sshd_config 5
.Rs
.%A T. Ylonen
.%A S. Lehtinen

Lines 31-36 Link Here

(-)openssh-4.0p1/sftp-server.c (-14 / +155 lines)
31	#define get_string(lenp) buffer_get_string(&iqueue, lenp);	31	#define get_string(lenp) buffer_get_string(&iqueue, lenp);
32	#define TRACE debug	32	#define TRACE debug
33		33
		34	/* SFTP_UMASK */
		35	static mode_t setumask = 0;
		36
		37	static int permit_chmod = 1;
		38	static int permit_chown = 1;
		39	static int permit_logging = 0;
		40
34	extern char *__progname;	41	extern char *__progname;
35		42
36	/* input and output queue */	43	/* input and output queue */
Lines 381-386 Link Here
381	a = get_attrib();	388	a = get_attrib();
382	flags = flags_from_portable(pflags);	389	flags = flags_from_portable(pflags);
383	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;	390	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;
		391
		392	if (setumask != 0) {
		393	if ( permit_logging == 1 )
		394	logit("setting file creation mode to 0666 and umask to %o", setumask);
		395	mode = 0666;
		396	umask(setumask);
		397	}
		398
384	TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode);	399	TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode);
385	fd = open(name, flags, mode);	400	fd = open(name, flags, mode);
386	if (fd < 0) {	401	if (fd < 0) {
Lines 394-399 Link Here
394	status = SSH2_FX_OK;	409	status = SSH2_FX_OK;
395	}	410	}
396	}	411	}
		412	if ( permit_logging == 1 )
		413	logit("open %s", name);
397	if (status != SSH2_FX_OK)	414	if (status != SSH2_FX_OK)
398	send_status(id, status);	415	send_status(id, status);
399	xfree(name);	416	xfree(name);
Lines 430-435 Link Here
430	(u_int64_t)off, len);	447	(u_int64_t)off, len);
431	if (len > sizeof buf) {	448	if (len > sizeof buf) {
432	len = sizeof buf;	449	len = sizeof buf;
		450	if ( permit_logging == 1 )
433	logit("read change len %d", len);	451	logit("read change len %d", len);
434	}	452	}
435	fd = handle_to_fd(handle);	453	fd = handle_to_fd(handle);
Lines 449-454 Link Here
449	}	467	}
450	}	468	}
451	}	469	}
		470	if ( permit_logging == 1 )
		471	logit("reading file");
452	if (status != SSH2_FX_OK)	472	if (status != SSH2_FX_OK)
453	send_status(id, status);	473	send_status(id, status);
454	}	474	}
Lines 483-492 Link Here
483	} else if (ret == len) {	503	} else if (ret == len) {
484	status = SSH2_FX_OK;	504	status = SSH2_FX_OK;
485	} else {	505	} else {
		506	if ( permit_logging == 1 )
486	logit("nothing at all written");	507	logit("nothing at all written");
487	}	508	}
488	}	509	}
489	}	510	}
		511	if ( permit_logging == 1 )
		512	logit("writing file");
490	send_status(id, status);	513	send_status(id, status);
491	xfree(data);	514	xfree(data);
492	}	515	}
Lines 579-602 Link Here
579	a = get_attrib();	602	a = get_attrib();
580	TRACE("setstat id %u name %s", id, name);	603	TRACE("setstat id %u name %s", id, name);
581	if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {	604	if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
		605	if ( permit_logging == 1 )
		606	logit("process_setstat: truncate");
582	ret = truncate(name, a->size);	607	ret = truncate(name, a->size);
583	if (ret == -1)	608	if (ret == -1)
584	status = errno_to_portable(errno);	609	status = errno_to_portable(errno);
585	}	610	}
586	if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {	611	if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
587	ret = chmod(name, a->perm & 0777);	612	if (permit_chmod == 1) {
588	if (ret == -1)	613	ret = chmod(name, a->perm & 0777);
589	status = errno_to_portable(errno);	614	if (ret == -1)
		615	status = errno_to_portable(errno);
		616	else
		617	if ( permit_logging == 1 )
		618	logit("chmod'ed %s", name);
		619	} else {
		620	status = SSH2_FX_PERMISSION_DENIED;
		621	if ( permit_logging == 1 )
		622	logit("chmod %s: operation prohibited by sftp-server configuration.", name);
		623	}
590	}	624	}
591	if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {	625	if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
		626	if ( permit_logging == 1 )
		627	logit("process_setstat: utimes");
592	ret = utimes(name, attrib_to_tv(a));	628	ret = utimes(name, attrib_to_tv(a));
593	if (ret == -1)	629	if (ret == -1)
594	status = errno_to_portable(errno);	630	status = errno_to_portable(errno);
595	}	631	}
596	if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {	632	if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
597	ret = chown(name, a->uid, a->gid);	633	if (permit_chown == 1) {
598	if (ret == -1)	634	ret = chown(name, a->uid, a->gid);
599	status = errno_to_portable(errno);	635	if (ret == -1)
		636	status = errno_to_portable(errno);
		637	else
		638	if ( permit_logging == 1 )
		639	logit("chown'ed %s.", name);
		640	} else {
		641	status = SSH2_FX_PERMISSION_DENIED;
		642	if ( permit_logging == 1 )
		643	logit("chown %s: operation prohibited by sftp-server configuration.", name);
		644	}
600	}	645	}
601	send_status(id, status);	646	send_status(id, status);
602	xfree(name);	647	xfree(name);
Lines 611-616 Link Here
611	int status = SSH2_FX_OK;	656	int status = SSH2_FX_OK;
612	char *name;	657	char *name;
613		658
		659	if ( permit_logging == 1 )
		660	logit("process_fsetstat");
		661
614	id = get_int();	662	id = get_int();
615	handle = get_handle();	663	handle = get_handle();
616	a = get_attrib();	664	a = get_attrib();
Lines 621-640 Link Here
621	status = SSH2_FX_FAILURE;	669	status = SSH2_FX_FAILURE;
622	} else {	670	} else {
623	if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {	671	if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
		672	if ( permit_logging == 1 )
		673	logit("process_fsetstat: ftruncate");
624	ret = ftruncate(fd, a->size);	674	ret = ftruncate(fd, a->size);
625	if (ret == -1)	675	if (ret == -1)
626	status = errno_to_portable(errno);	676	status = errno_to_portable(errno);
627	}	677	}
628	if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {	678	if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
		679	if (permit_chmod == 1) {
629	#ifdef HAVE_FCHMOD	680	#ifdef HAVE_FCHMOD
630	ret = fchmod(fd, a->perm & 0777);	681	ret = fchmod(fd, a->perm & 0777);
631	#else	682	#else
632	ret = chmod(name, a->perm & 0777);	683	ret = chmod(name, a->perm & 0777);
633	#endif	684	#endif
634	if (ret == -1)	685	if (ret == -1)
635	status = errno_to_portable(errno);	686	status = errno_to_portable(errno);
		687	else
		688	if ( permit_logging == 1 )
		689	logit("chmod: succeeded.");
		690	} else {
		691	status = SSH2_FX_PERMISSION_DENIED;
		692	if ( permit_logging == 1 )
		693	logit("chmod: operation prohibited by sftp-server configuration.");
		694	}
636	}	695	}
637	if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {	696	if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
		697	if ( permit_logging == 1 )
		698	logit("process_fsetstat: utimes");
638	#ifdef HAVE_FUTIMES	699	#ifdef HAVE_FUTIMES
639	ret = futimes(fd, attrib_to_tv(a));	700	ret = futimes(fd, attrib_to_tv(a));
640	#else	701	#else
Lines 644-656 Link Here
644	status = errno_to_portable(errno);	705	status = errno_to_portable(errno);
645	}	706	}
646	if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {	707	if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
		708	if (permit_chown == 1) {
647	#ifdef HAVE_FCHOWN	709	#ifdef HAVE_FCHOWN
648	ret = fchown(fd, a->uid, a->gid);	710	ret = fchown(fd, a->uid, a->gid);
649	#else	711	#else
650	ret = chown(name, a->uid, a->gid);	712	ret = chown(name, a->uid, a->gid);
651	#endif	713	#endif
652	if (ret == -1)	714	if (ret == -1)
653	status = errno_to_portable(errno);	715	status = errno_to_portable(errno);
		716	else
		717	if ( permit_logging == 1 )
		718	logit("chown: succeeded");
		719	} else {
		720	status = SSH2_FX_PERMISSION_DENIED;
		721	if ( permit_logging == 1 )
		722	logit("chown: operation prohibited by sftp-server configuration.");
		723	}
654	}	724	}
655	}	725	}
656	send_status(id, status);	726	send_status(id, status);
Lines 680-685 Link Here
680	}	750	}
681		751
682	}	752	}
		753	if ( permit_logging == 1 )
		754	logit("opendir %s", path);
683	if (status != SSH2_FX_OK)	755	if (status != SSH2_FX_OK)
684	send_status(id, status);	756	send_status(id, status);
685	xfree(path);	757	xfree(path);
Lines 753-758 Link Here
753	TRACE("remove id %u name %s", id, name);	825	TRACE("remove id %u name %s", id, name);
754	ret = unlink(name);	826	ret = unlink(name);
755	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;	827	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
		828	if ( permit_logging == 1 )
		829	logit("remove file %s", name);
756	send_status(id, status);	830	send_status(id, status);
757	xfree(name);	831	xfree(name);
758	}	832	}
Lines 770-778 Link Here
770	a = get_attrib();	844	a = get_attrib();
771	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?	845	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
772	a->perm & 0777 : 0777;	846	a->perm & 0777 : 0777;
		847
		848	if (setumask != 0) {
		849	if ( permit_logging == 1 )
		850	logit("setting directory creation mode to 0777 and umask to %o.", setumask);
		851	mode = 0777;
		852	umask(setumask);
		853	}
		854
773	TRACE("mkdir id %u name %s mode 0%o", id, name, mode);	855	TRACE("mkdir id %u name %s mode 0%o", id, name, mode);
774	ret = mkdir(name, mode);	856	ret = mkdir(name, mode);
775	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;	857	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
		858	if ( permit_logging == 1 )
		859	logit("mkdir %s", name);
776	send_status(id, status);	860	send_status(id, status);
777	xfree(name);	861	xfree(name);
778	}	862	}
Lines 789-794 Link Here
789	TRACE("rmdir id %u name %s", id, name);	873	TRACE("rmdir id %u name %s", id, name);
790	ret = rmdir(name);	874	ret = rmdir(name);
791	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;	875	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
		876	if ( permit_logging == 1 )
		877	logit("rmdir %s", name);
792	send_status(id, status);	878	send_status(id, status);
793	xfree(name);	879	xfree(name);
794	}	880	}
Lines 815-820 Link Here
815	s.name = s.long_name = resolvedname;	901	s.name = s.long_name = resolvedname;
816	send_names(id, 1, &s);	902	send_names(id, 1, &s);
817	}	903	}
		904	if ( permit_logging == 1 )
		905	logit("realpath %s", path);
818	xfree(path);	906	xfree(path);
819	}	907	}
820		908
Lines 870-875 Link Here
870	status = SSH2_FX_OK;	958	status = SSH2_FX_OK;
871	}	959	}
872	send_status(id, status);	960	send_status(id, status);
		961	if ( permit_logging == 1 )
		962	logit("rename old %s new %s", oldpath, newpath);
873	xfree(oldpath);	963	xfree(oldpath);
874	xfree(newpath);	964	xfree(newpath);
875	}	965	}
Lines 895-900 Link Here
895	s.name = s.long_name = buf;	985	s.name = s.long_name = buf;
896	send_names(id, 1, &s);	986	send_names(id, 1, &s);
897	}	987	}
		988	if ( permit_logging == 1 )
		989	logit("readlink %s", path);
898	xfree(path);	990	xfree(path);
899	}	991	}
900		992
Lines 913-918 Link Here
913	ret = symlink(oldpath, newpath);	1005	ret = symlink(oldpath, newpath);
914	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;	1006	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
915	send_status(id, status);	1007	send_status(id, status);
		1008	if ( permit_logging == 1 )
		1009	logit("symlink old %s new %s", oldpath, newpath);
916	xfree(oldpath);	1010	xfree(oldpath);
917	xfree(newpath);	1011	xfree(newpath);
918	}	1012	}
Lines 1034-1039 Link Here
1034	{	1128	{
1035	fd_set rset, wset;	1129	fd_set rset, wset;
1036	int in, out, max;	1130	int in, out, max;
		1131	unsigned int val = 0;
		1132	char *umask_env;
1037	ssize_t len, olen, set_size;	1133	ssize_t len, olen, set_size;
1038		1134
1039	/* XXX should use getopt */	1135	/* XXX should use getopt */
Lines 1041-1050 Link Here
1041	__progname = ssh_get_progname(av[0]);	1137	__progname = ssh_get_progname(av[0]);
1042	handle_init();	1138	handle_init();
1043		1139
		1140	/* Transaction logging */
		1141
		1142	if (getenv("LOG_SFTP") && atoi(getenv("LOG_SFTP")) == 1)
		1143	{
		1144	permit_logging = 1;
		1145	log_init("sftp-server", atoi(getenv("SFTP_LOG_LEVEL")),
		1146	atoi(getenv("SFTP_LOG_FACILITY")), 0);
		1147	}
		1148
		1149
1044	#ifdef DEBUG_SFTP_SERVER	1150	#ifdef DEBUG_SFTP_SERVER
1045	log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);	1151	log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
1046	#endif	1152	#endif
1047		1153
		1154	if ( permit_logging == 1 )
		1155	logit("Starting sftp-server logging for user %s.", ((getenv("USER")!=NULL) ? getenv("USER") : "$USER==NULL"));
		1156
		1157	/* Umask control */
		1158
		1159	umask_env = getenv("SFTP_UMASK");
		1160	while (umask_env && umask_env && umask_env >= '0' && *umask_env <= '9')
		1161	val = val * 8 + *umask_env++ - '0';
		1162
		1163	if (!umask_env \|\| *umask_env \|\| val > 0777 \|\| val == 0) {
		1164	if ( permit_logging == 1 )
		1165	logit("bad value %o for SFTP_UMASK, turning umask control off.", val);
		1166	setumask = 0;
		1167	} else {
		1168	if ( permit_logging == 1 )
		1169	logit("umask control is on.");
		1170	setumask = val;
		1171	}
		1172
		1173
		1174	/* Sensitive client commands */
		1175
		1176	if (!getenv("SFTP_PERMIT_CHMOD") \|\| atoi(getenv("SFTP_PERMIT_CHMOD")) != 1) {
		1177	permit_chmod = 0;
		1178	if ( permit_logging == 1 )
		1179	logit("client is not permitted to chmod.");
		1180	}
		1181	if (!getenv("SFTP_PERMIT_CHOWN") \|\| atoi(getenv("SFTP_PERMIT_CHOWN")) != 1) {
		1182	permit_chown = 0;
		1183	if ( permit_logging == 1 )
		1184	logit("client is not permitted to chown.");
		1185	}
		1186
1048	in = dup(STDIN_FILENO);	1187	in = dup(STDIN_FILENO);
1049	out = dup(STDOUT_FILENO);	1188	out = dup(STDOUT_FILENO);
1050		1189
Lines 1087-1092 Link Here
1087	len = read(in, buf, sizeof buf);	1226	len = read(in, buf, sizeof buf);
1088	if (len == 0) {	1227	if (len == 0) {
1089	debug("read eof");	1228	debug("read eof");
		1229	if ( permit_logging == 1 )
		1230	logit("sftp-server finished.");
1090	exit(0);	1231	exit(0);
1091	} else if (len < 0) {	1232	} else if (len < 0) {
1092	error("read error");	1233	error("read error");





# override default of no subsystems
Subsystem	sftp	/usr/libexec/sftp-server

# sftp-server logging
#LogSftp no
#SftpLogFacility AUTH
#SftpLogLevel INFO

# sftp-server umask control
#SftpUmask

#SftpPermitChmod yes
#SftpPermitChown yes

Lines 510-515 Link Here

(-)openssh-4.0p1/sshd_config.5 (+35 lines)
510	DEBUG and DEBUG1 are equivalent.	510	DEBUG and DEBUG1 are equivalent.
511	DEBUG2 and DEBUG3 each specify higher levels of debugging output.	511	DEBUG2 and DEBUG3 each specify higher levels of debugging output.
512	Logging with a DEBUG level violates the privacy of users and is not recommended.	512	Logging with a DEBUG level violates the privacy of users and is not recommended.
		513	.It Cm LogSftp
		514	Specifies whether to perform logging of
		515	.Nm sftp-server
		516	subsystem transactions. Must be "yes" or "no." The default value is "no."
513	.It Cm MACs	517	.It Cm MACs
514	Specifies the available MAC (message authentication code) algorithms.	518	Specifies the available MAC (message authentication code) algorithms.
515	The MAC algorithm is used in protocol version 2	519	The MAC algorithm is used in protocol version 2
Lines 683-688 Link Here
683	.It Cm ServerKeyBits	687	.It Cm ServerKeyBits
684	Defines the number of bits in the ephemeral protocol version 1 server key.	688	Defines the number of bits in the ephemeral protocol version 1 server key.
685	The minimum value is 512, and the default is 768.	689	The minimum value is 512, and the default is 768.
		690	.It Cm SftpLogFacility
		691	Gives the facility code that is used when logging
		692	.Nm sftp-server .
		693	transactions. The possible values are: DAEMON, USER, AUTH, LOCAL0,
		694	LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
		695	The default is AUTH.
		696	.It Cm SftpLogLevel
		697	Gives the verbosity level that is used when logging messages from
		698	.Nm sftp-server .
		699	The possible values are:
		700	QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
		701	The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2
		702	and DEBUG3 each specify higher levels of debugging output.
		703	Logging with a DEBUG level violates the privacy of users
		704	and is not recommended.
		705	.It Cm SftpPermitChmod
		706	Specifies whether the sftp-server allows the sftp client to execute chmod
		707	commands on the server. The default is yes.
		708	.It Cm SftpPermitChown
		709	Specifies whether the sftp-server allows the sftp client to execute chown
		710	or chgrp commands on the server. Turning this value on means that the client
		711	is allowed to execute both chown and chgrp commands. Turning it off means that
		712	the client is prohibited from executing either chown or chgrp.
		713	The default is yes.
		714	.It Cm SftpUmask
		715	Specifies an optional umask for
		716	.Nm sftp-server
		717	subsystem transactions. If a umask is given, this umask will override all system,
		718	environment or sftp client permission modes. If
		719	no umask or an invalid umask is given, file creation mode defaults to the permission
		720	mode specified by the sftp client. The default is for no umask.
686	.It Cm StrictModes	721	.It Cm StrictModes
687	Specifies whether	722	Specifies whether
688	.Nm sshd	723	.Nm sshd

Return to bug 82372

Lines 42-53 Link Here

(-)openssh-4.0p1/sftp-server.8 (-1 / +16 lines)
42	option.	42	option.
43	See	43	See
44	.Xr sshd_config 5	44	.Xr sshd_config 5
		45	for more information. Sftp-server transactions may be logged
		46	using the
		47	.Cm LogSftp ,
		48	.Cm SftpLogFacility ,
		49	and
		50	.Cm SftpLogLevel
		51	options. The administrator may exert control over the file and directory
		52	permission and ownership, with
		53	.Cm SftpUmask ,
		54	.Cm SftpPermitChmod ,
		55	and
		56	.Cm SftpPermitChown
		57	. See
		58	.Xr sshd_config 5
45	for more information.	59	for more information.
46	.Sh SEE ALSO	60	.Sh SEE ALSO
47	.Xr sftp 1 ,	61	.Xr sftp 1 ,
48	.Xr ssh 1 ,	62	.Xr ssh 1 ,
49	.Xr sshd_config 5 ,	63	.Xr sshd_config 5 ,
50	.Xr sshd 8	64	.Xr sshd 8,
		65	.Xr sshd_config 5
51	.Rs	66	.Rs
52	.%A T. Ylonen	67	.%A T. Ylonen
53	.%A S. Lehtinen	68	.%A S. Lehtinen

Lines 153-155 Link Here

(-)openssh-4.0p1/sshd_config (+11 lines)
153		153
154	# override default of no subsystems	154	# override default of no subsystems
155	Subsystem sftp /usr/libexec/sftp-server	155	Subsystem sftp /usr/libexec/sftp-server
		156
		157	# sftp-server logging
		158	#LogSftp no
		159	#SftpLogFacility AUTH
		160	#SftpLogLevel INFO
		161
		162	# sftp-server umask control
		163	#SftpUmask
		164
		165	#SftpPermitChmod yes
		166	#SftpPermitChown yes